name: vaultwarden
services:
  vaultwarden:
    image: vaultwarden/server:testing
    container_name: vaultwarden
    restart: unless-stopped
    #ports:
    # - 9445:80 #map any custom port to use (replace 9445 not 80)
    volumes:
     - /mnt/docker/local/vaultwarden/data:/data:rw
    environment:
#     - ROCKET_TLS={certs="/ssl/certs/certs.pem",key="/ssl/private/key.pem"}  // Environment variable is specific to the Rocket web server
     - ADMIN_TOKEN=${ADMIN_TOKEN}
     - WEBSOCKET_ENABLED=true
     - SIGNUPS_ALLOWED=false
     - SMTP_HOST=${SMTP_HOST}
     - SMTP_FROM=${SMTP_FROM}
     - SMTP_PORT=${SMTP_PORT}
     - SMTP_SECURITY=${SMTP_SECURITY}
     - SMTP_TIMEOUT=${SMTP_TIMEOUT}
     - SMTP_USERNAME=${SMTP_USERNAME}
     - SMTP_PASSWORD=${SMTP_PASSWORD}
     - DOMAIN=${DOMAIN}
     - SSO_ENABLED=true
     - SSO_AUTHORITY=https://auth.prestonhunter.space/application/o/vaultwarden/
     - SSO_CLIENT_ID=WDhzpgOpIiHroUFxOl93nUg6LoARQWeR21MA1cJ9
     - SSO_CLIENT_SECRET=a7jXPUOmjG9Y5pVWdEe8trFCsLB9qKuXXnfY6LLzm3hRGsewwc5wQq1c7dSF7wtvjf8aqfzW3FolUVj2m3UU7HNQPKjUsA2TIKUnOabu3XNCxpEVX89xEKXUDwjlabpj
     - SSO_SCOPES="openid email profile offline_access"
     - SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION=false
     - SSO_CLIENT_CACHE_EXPIRATION=0
     - SSO_ONLY=true # Set to true to disable email+master password login and require SSO
     - SSO_SIGNUPS_MATCH_EMAIL=true # Match first SSO login to existing account by email
    networks:
      - npm_default

#uncomment below network part if you are using Nginx Proxy Manager, or you can remove the same
networks:
  npm_default:
    external: true